Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Source Code for Exobot Android Banking Trojan Leaked Online

Featured Deal: Get 98% off the Ultimate Cisco Certification Bundle: Lifetime Access Deal

Chrome and Windows Explorer consuming 100% CPU

Started by rpm4178 , Mar 10 2018 01:47 PM

Please log in to reply

11 replies to this topic

#1 rpm4178

Members
8 posts
OFFLINE

Local time:09:27 PM

Posted 10 March 2018 - 01:47 PM

**This topic was originally posted this morning in Windows 10 Support but it was suggested that I post it here.

HP Envy x360 m5 laptop

Windows 10 Home

Ver 1709

Build 16299.248

Chrome Version 65.0.3325.146 (Official Build) (64-bit)

Anti-virus Webroot Anywhere ver 9.0.19.43

Hello,

Occasionally my PC becomes unresponsive and unusable. When I am able to start up Task Manager, it shows that Chrome is consuming about 70% of CPU resources, Windows Explorer 25% CPU, and Task Manager 5%. These numbers vary but are in this ballpark.

In Task Manager, under Chrome, it lists 20 or more instances of Chrome when I have 3 or 4 tabs open. Usually 3 of those instances are consuming 20%+ CPU resources. If I use Task Manager to end those tasks, they immediately reappear. One of those instances sometimes intermittently displays the message “GPU 0 - 3D” off to the right of the task listing.

I also recently noticed that after I managed to shut down Chrome, there were 3 instances of a process called software_reporter_tool.exe, one of which was consuming about 20% CPU.

Also, I noted that even when I am not experiencing this Chrome related issue, Windows Explorer routinely consumes 20-25% CPU so I suspect that I have two separate issues.

I have run scans with Webroot and Malwarebytes and come up empty. SuperAntiSpyware turns up the usual Adware junk but nothing else. Ran a Quick Scan with MS Malicious Software Removal Tool, but it did not detect any infections.

Does this sound familiar to anyone out there?

Thanks, Bob

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 Broni

The Coolest BC Computer

BC Advisor
42,699 posts
OFFLINE

Gender:Male
Location:Daly City, CA
Local time:09:27 PM

Posted 10 March 2018 - 05:24 PM

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.

Checkmark following boxes:

Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points

Click Go and post the result.

Please download Malwarebytes to your desktop.

Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
Then click Finish.
Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
Restart your computer when prompted to do so.
The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Download

Malwarebytes Anti-Rootkit (MBAR) to your desktop.

Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Double click on downloaded file. OK self extracting prompt.
MBAR will start. Click "Next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"

NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click

#3 rpm4178

Topic Starter

Members
8 posts
OFFLINE

Local time:09:27 PM

Posted 11 March 2018 - 01:15 PM

Results of screen317's Security Check version 1.014 --- 12/23/15

x64 (UAC is enabled)

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Webroot SecureAnywhere

Windows Defender

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Adobe Flash Player 28.0.0.161

Google Chrome (65.0.3325.146)

Google Chrome (SetupMetrics...)

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamtray.exe

Bitdefender Agent ProductAgentService.exe

Windows Defender MSASCuiL.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: %

````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 27-01-2016

Ran by Bob (administrator) on 11-03-2018 at 10:17:04

Running from "C:\Users\Bob\Documents\Utilities\Bleeping Computer"

Microsoft Windows 10 Home (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\ipnathlp.dll => File is digitally signed

C:\Windows\System32\iphlpsvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

MiniToolBox by Farbar Version: 17-06-2016

Ran by Bob (administrator) on 11-03-2018 at 10:23:05

Running from "C:\Users\Bob\Documents\Utilities\Bleeping Computer"

Microsoft Windows 10 Home (X64)

Model: HP ENVY x360 m6 Convertible Manufacturer: HP

Boot Mode: Normal

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

========================= Hosts content: =================================

========================= IP Configuration: ================================

Intel® Dual Band Wireless-AC 7265 = Wi-Fi (Connected)

TAP-Windows Adapter V9 = PIA (Media disconnected)

Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global

set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="PIA" forwarding=enabled advertise=enabled metric=1 nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : DESKTOP-NAE5VQN

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : attlocal.net

Ethernet adapter PIA:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : TAP-Windows Adapter V9

Physical Address. . . . . . . . . : 00-FF-CE-A3-32-8C

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : attlocal.net

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : DC-4A-3E-A7-62-03

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

Physical Address. . . . . . . . . : 18-5E-0F-2A-BB-52

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . : attlocal.net

Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 7265

Physical Address. . . . . . . . . : 8A-3C-C6-3F-C6-E2

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2600:1700:c120:b370::19(Preferred)

Lease Obtained. . . . . . . . . . : Sunday, March 11, 2018 6:59:32 AM

Lease Expires . . . . . . . . . . : Sunday, March 25, 2018 6:59:32 AM

IPv6 Address. . . . . . . . . . . : 2600:1700:c120:b370:1d5d:bfa:e890:d2b2(Preferred)

Temporary IPv6 Address. . . . . . : 2600:1700:c120:b370:a459:3223:1dc3:c7fe(Preferred)

Link-local IPv6 Address . . . . . : fe80::1d5d:bfa:e890:d2b2%5(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Sunday, March 11, 2018 6:59:32 AM

Lease Expires . . . . . . . . . . : Monday, March 12, 2018 6:59:30 AM

Default Gateway . . . . . . . . . : fe80::3edf:a9ff:fed0:fe50%5

192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DHCPv6 IAID . . . . . . . . . . . : 92945606

DHCPv6 Client DUID. . . . . . . . : 00-03-00-01-8A-3C-C6-3F-C6-E2

DNS Servers . . . . . . . . . . . : 2600:1700:c120:b370::1

192.168.1.254

NetBIOS over Tcpip. . . . . . . . : Enabled

Connection-specific DNS Suffix Search List :

attlocal.net

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Server: dsldevice6.attlocal.net

Address: 2600:1700:c120:b370::1

Name: google.com

Addresses: 2607:f8b0:4009:806::200e

172.217.4.206

Pinging google.com [2607:f8b0:4009:806::200e] with 32 bytes of data:

Reply from 2607:f8b0:4009:806::200e: time=71ms

Reply from 2607:f8b0:4009:806::200e: time=70ms

Ping statistics for 2607:f8b0:4009:806::200e:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 70ms, Maximum = 71ms, Average = 70ms

Server: dsldevice6.attlocal.net

Address: 2600:1700:c120:b370::1

Name: yahoo.com

Addresses: 2001:4998:58:2201::73

2001:4998:c:e33::53

98.139.180.180

206.190.39.42

Pinging yahoo.com [2001:4998:c:e33::53] with 32 bytes of data:

Reply from 2001:4998:c:e33::53: time=47ms

Reply from 2001:4998:c:e33::53: time=46ms

Ping statistics for 2001:4998:c:e33::53:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 46ms, Maximum = 47ms, Average = 46ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

14...00 ff ce a3 32 8c ......TAP-Windows Adapter V9

4...dc 4a 3e a7 62 03 ......Realtek PCIe GBE Family Controller

2...18 5e 0f 2a bb 52 ......Microsoft Wi-Fi Direct Virtual Adapter

5...8a 3c c6 3f c6 e2 ......Intel® Dual Band Wireless-AC 7265

1...........................Software Loopback Interface 1

8...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.107 35

127.0.0.0 255.0.0.0 On-link 127.0.0.1 331

127.0.0.1 255.255.255.255 On-link 127.0.0.1 331

127.255.255.255 255.255.255.255 On-link 127.0.0.1 331

192.168.1.0 255.255.255.0 On-link 192.168.1.107 291

192.168.1.107 255.255.255.255 On-link 192.168.1.107 291

192.168.1.255 255.255.255.255 On-link 192.168.1.107 291

224.0.0.0 240.0.0.0 On-link 127.0.0.1 331

224.0.0.0 240.0.0.0 On-link 192.168.1.107 291

255.255.255.255 255.255.255.255 On-link 127.0.0.1 331

255.255.255.255 255.255.255.255 On-link 192.168.1.107 291

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

5 291 ::/0 fe80::3edf:a9ff:fed0:fe50

1 331 ::1/128 On-link

5 51 2600:1700:c120:b370::/60 fe80::3edf:a9ff:fed0:fe50

5 291 2600:1700:c120:b370::/64 On-link

5 291 2600:1700:c120:b370::19/128

On-link

5 291 2600:1700:c120:b370:1d5d:bfa:e890:d2b2/128

On-link

5 291 2600:1700:c120:b370:a459:3223:1dc3:c7fe/128

On-link

5 291 fe80::/64 On-link

5 291 fe80::1d5d:bfa:e890:d2b2/128

On-link

1 331 ff00::/8 On-link

5 291 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)

Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)

Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)

Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)

Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)

Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)

Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)

Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)

Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)

Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)

Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)

Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)

Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)

Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)

Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)

Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)

Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

x64-Catalog9 12 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (03/11/2018 06:59:17 AM) (Source: DPTF) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version: 8.1.10600.147

DPTF Build Date: May 26 2015 13:35:22

Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function: DptfEvent

Message: Received unexpected event

Framework Event: DptfResume [3]

Error: (03/10/2018 10:54:02 PM) (Source: DPTF) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version: 8.1.10600.147

DPTF Build Date: May 26 2015 13:35:22

Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function: DptfEvent

Message: Received unexpected event

Framework Event: DptfResume [3]

Error: (03/10/2018 07:22:22 PM) (Source: Bonjour Service) (User: )

Description: Local Hostname DESKTOP-NAE5VQN.local already in use; will try DESKTOP-NAE5VQN-2.local instead

Error: (03/10/2018 07:22:22 PM) (Source: Bonjour Service) (User: )

Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 16 DESKTOP-NAE5VQN.local. AAAA 2600:1700:C120:B370:0996:011C:FCA8:888C

Error: (03/10/2018 07:22:22 PM) (Source: Bonjour Service) (User: )

Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:0996:011C:FCA8:888C:5353 16 DESKTOP-NAE5VQN.local. AAAA 2600:1700:C120:B370:0000:0000:0000:0018

Error: (03/10/2018 07:22:10 PM) (Source: DPTF) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version: 8.1.10600.147

DPTF Build Date: May 26 2015 13:35:22

Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function: DptfEvent

Message: Received unexpected event

Framework Event: DptfResume [3]

Error: (03/10/2018 04:21:05 PM) (Source: DPTF) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version: 8.1.10600.147

DPTF Build Date: May 26 2015 13:35:22

Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function: DptfEvent

Message: Received unexpected event

Framework Event: DptfResume [3]

Error: (03/10/2018 03:02:31 PM) (Source: Application Error) (User: )

Description: Faulting application name: HPWMISVC.exe, version: 1.3.4.0, time stamp: 0x54e2a903

Faulting module name: OLEAUT32.dll, version: 10.0.16299.15, time stamp: 0xa2f491b8

Exception code: 0xc0000005

Fault offset: 0x0001a884

Faulting process id: 0x1f74

Faulting application start time: 0xHPWMISVC.exe0

Faulting application path: HPWMISVC.exe1

Faulting module path: HPWMISVC.exe2

Report Id: HPWMISVC.exe3

Faulting package full name: HPWMISVC.exe4

Faulting package-relative application ID: HPWMISVC.exe5

Error: (03/10/2018 03:02:27 PM) (Source: DPTF) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version: 8.1.10600.147

DPTF Build Date: May 26 2015 13:35:22

Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function: DptfEvent

Message: Received unexpected event

Framework Event: DptfResume [3]

Error: (03/10/2018 02:42:02 PM) (Source: DPTF) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version: 8.1.10600.147

DPTF Build Date: May 26 2015 13:35:22

Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function: DptfEvent

Message: Received unexpected event

Framework Event: DptfResume [3]

System errors:

=============

Error: (03/11/2018 09:53:42 AM) (Source: DCOM) (User: DESKTOP-NAE5VQN)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-NAE5VQNBobS-1-5-21-3771988080-3016190582-6190279-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/11/2018 07:02:19 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/10/2018 03:02:33 PM) (Source: Service Control Manager) (User: )

Description: The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).

Error: (03/10/2018 09:36:14 AM) (Source: DCOM) (User: DESKTOP-NAE5VQN)

Error: (03/10/2018 09:35:42 AM) (Source: DCOM) (User: DESKTOP-NAE5VQN)

Error: (03/10/2018 08:25:12 AM) (Source: DCOM) (User: DESKTOP-NAE5VQN)

Error: (03/10/2018 08:20:45 AM) (Source: DCOM) (User: DESKTOP-NAE5VQN)

Error: (03/10/2018 08:06:29 AM) (Source: DCOM) (User: DESKTOP-NAE5VQN)

Error: (03/10/2018 07:57:05 AM) (Source: DCOM) (User: DESKTOP-NAE5VQN)

Error: (03/10/2018 07:50:58 AM) (Source: DCOM) (User: NT AUTHORITY)

Microsoft Office Sessions:

=========================

Error: (03/11/2018 06:59:17 AM) (Source: DPTF)(User: )

Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version: 8.1.10600.147

DPTF Build Date: May 26 2015 13:35:22

Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function: DptfEvent

Message: Received unexpected event

Framework Event: DptfResume [3]

Error: (03/10/2018 10:54:02 PM) (Source: DPTF)(User: )

Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version: 8.1.10600.147

DPTF Build Date: May 26 2015 13:35:22

Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function: DptfEvent

Message: Received unexpected event

Framework Event: DptfResume [3]

Error: (03/10/2018 07:22:22 PM) (Source: Bonjour Service)(User: )

Description: Local Hostname DESKTOP-NAE5VQN.local already in use; will try DESKTOP-NAE5VQN-2.local instead

Error: (03/10/2018 07:22:22 PM) (Source: Bonjour Service)(User: )

Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 16 DESKTOP-NAE5VQN.local. AAAA 2600:1700:C120:B370:0996:011C:FCA8:888C

Error: (03/10/2018 07:22:22 PM) (Source: Bonjour Service)(User: )

Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:0996:011C:FCA8:888C:5353 16 DESKTOP-NAE5VQN.local. AAAA 2600:1700:C120:B370:0000:0000:0000:0018

Error: (03/10/2018 07:22:10 PM) (Source: DPTF)(User: )

Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version: 8.1.10600.147

DPTF Build Date: May 26 2015 13:35:22

Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function: DptfEvent

Message: Received unexpected event

Framework Event: DptfResume [3]

Error: (03/10/2018 04:21:05 PM) (Source: DPTF)(User: )

Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version: 8.1.10600.147

DPTF Build Date: May 26 2015 13:35:22

Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function: DptfEvent

Message: Received unexpected event

Framework Event: DptfResume [3]

Error: (03/10/2018 03:02:31 PM) (Source: Application Error)(User: )

Description: HPWMISVC.exe1.3.4.054e2a903OLEAUT32.dll10.0.16299.15a2f491b8c00000050001a8841f7401d3b8b8a7360238c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exeC:\WINDOWS\System32\OLEAUT32.dlldff8873c-ccd0-431e-bb16-96e4fa44778e

Error: (03/10/2018 03:02:27 PM) (Source: DPTF)(User: )

Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version: 8.1.10600.147

DPTF Build Date: May 26 2015 13:35:22

Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function: DptfEvent

Message: Received unexpected event

Framework Event: DptfResume [3]

Error: (03/10/2018 02:42:02 PM) (Source: DPTF)(User: )

Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version: 8.1.10600.147

DPTF Build Date: May 26 2015 13:35:22

Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function: DptfEvent

Message: Received unexpected event

Framework Event: DptfResume [3]

CodeIntegrity Errors:

===================================

Date: 2018-03-11 10:14:32.708

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-11 10:14:32.706

Date: 2018-03-11 10:14:22.711

Date: 2018-03-11 10:14:22.710

Date: 2018-03-11 09:44:32.299

Date: 2018-03-11 09:44:32.298

Date: 2018-03-11 09:44:22.586

Date: 2018-03-11 09:44:22.585

Date: 2018-03-11 09:33:14.011

Date: 2018-03-11 09:33:14.010

=========================== Installed Programs ============================

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)

Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)

Amazon Kindle (HKCU\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)

ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.55 - ArcSoft)

Arduino (HKLM-x32\...\Arduino) (Version: 1.8.3 - Arduino LLC)

Belarc Advisor 8.6 (HKLM-x32\...\Belarc Advisor) (Version: 8.6.0.0 - Belarc Inc.)

Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)

CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)

Canon MF Toolbox 4.9.1.1.mf17 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)

Canon MF4800 Series (HKLM\...\{444085BE-389B-4330-A291-3FC258B846EC}) (Version: 4.1.0.1 - CANON INC.)

Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)

Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)

Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)

Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)

Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)

Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)

Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)

Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)

Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)

Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)

Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)

Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden

CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)

CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.5418 - CyberLink Corp.)

CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden

CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)

CyberPower PowerPanel Personal Edition 1.5.3 (HKLM-x32\...\{C7953D3C-D23D-4A87-AFD7-F9B6F4DB0CBB}) (Version: 1.5.3 - Cyber Power Systems, Inc.)

DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden

Document Capture Pro (HKLM-x32\...\{C75B4983-D3A7-4D0A-8B1A-7BC4F2044F37}) (Version: 1.06.0012 - Seiko Epson Corporation)

Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)

Easy Photo Scan (HKLM-x32\...\{04A3C7AC-C350-46FA-8F72-C4E3F6B50D07}) (Version: 1.00.0004 - Seiko Epson Corporation)

Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)

Epson Copy Utility 4 (HKLM-x32\...\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation)

Epson Event Manager (HKLM-x32\...\{E4631929-CBD3-49A1-9BB7-F36E701F7C34}) (Version: 3.10.0040 - Seiko Epson Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.00 - SEIKO EPSON Corp.)

Evernote v. 6.1.2 (HKLM-x32\...\{A46ABD1E-2837-11E6-9E7C-005056951CAD}) (Version: 6.1.2.2292 - Evernote Corp.)

Geekbench 4 (HKLM-x32\...\Geekbench 4) (Version: - Primate Labs Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.146 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden

HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )

HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)

HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company)

HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.5.37.19 - Hewlett-Packard Company)

HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.8.47.1 - Hewlett-Packard Company)

HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)

HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)

HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)

HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)

InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - Christian Kindahl)

Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden

Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.147 - Intel Corporation)

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)

Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)

Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)

Intel® WiDi (HKLM\...\{76FAF7E1-52D0-49F7-A627-E78303F9C7EF}) (Version: 6.0.39.0 - Intel Corporation)

Intel® WiDi Software Asset Manager (HKLM-x32\...\{5B5CD20C-29F0-4857-A4FA-A4F4C716B019}) (Version: 1.1.347 - Intel Corporation) Hidden

Intel® Wireless Bluetooth® (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{ed4a5da7-ac62-4aa5-9502-7b4de55e8cb5}) (Version: 20.20.2 - Intel Corporation)

Intel® Software Guard Extensions Platform Software (HKLM\...\{10307C17-F7FD-405D-9F3B-0BF66EA43857}) (Version: 1.0.26920.1393 - Intel Corporation)

LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)

LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )

Logitech Gaming Software 8.91 (HKLM\...\Logitech Gaming Software) (Version: 8.91.48 - Logitech Inc.)

Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)

Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

MyHarmony (HKCU\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)

NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation)

NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)

PDFsam Basic (HKLM-x32\...\{0F7F1493-D16D-4C7B-A271-17A12168CCC4}) (Version: 3.30.2.0 - Andrea Vacondio)

PDFsam Enhanced 4 Asian Fonts Pack (HKLM\...\{B196CA8F-9E0B-4313-B869-D70ABBF39D65}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 Convert Module (HKLM\...\{2703396F-9F8D-4B33-9505-EC9790843796}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 Create Module (HKLM\...\{B1F90D78-911F-478A-807E-C11F549F54F0}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 Edit Module (HKLM\...\{5738E844-1029-4CEF-A31C-E1825431EC5B}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 Forms Module (HKLM\...\{C54F9BD4-9C60-4B72-A8D2-30B4D003F348}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 Insert Module (HKLM\...\{EFE05902-4CD7-448E-9504-45FD34983C48}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 OCR Module (HKLM\...\{AE52B43E-540F-4144-895D-D84477ADBAD8}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 Review Module (HKLM\...\{8CE14103-AA20-4F03-A119-5DA176ECFC1C}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 Secure Module (HKLM\...\{F9B225E5-3A68-4DAB-95E0-13B32DE69277}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 View Module (HKLM\...\{DF4F9D60-BF67-4BA3-8847-899F6A3C157E}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

Perfection V19_V39 User Guide version 1.0 (HKLM-x32\...\UsersGuidePerfection V19_V39 User Guide_is1) (Version: 1.0 - )

Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)

Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)

Python 3.5.1 (64-bit) (HKCU\...\{0ee0d38a-fb40-4780-a8f8-73a57f4df39c}) (Version: 3.5.1150.0 - Python Software Foundation)

Python 3.5.1 Core Interpreter (64-bit) (HKLM\...\{2690DE23-49CD-4973-AA74-F77C4C852189}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Development Libraries (64-bit) (HKLM\...\{70D9C8DA-F1A1-43B0-B325-6263CD21E535}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Documentation (64-bit) (HKLM\...\{5C8D887B-998A-4708-9120-CE040C4A5B47}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Executables (64-bit) (HKLM\...\{39F30A3E-99D9-46E3-8582-7422FE54A1FB}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{EC00AEF9-6544-4FEC-8152-C8949CDDCC85}) (Version: 3.5.150.0 - Python Software Foundation)

Python 3.5.1 pip Bootstrap (64-bit) (HKLM\...\{E98CFF92-01E0-4E30-8C72-3C82111091C2}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Standard Library (64-bit) (HKLM\...\{0F774261-D55F-4180-B266-A9E1C6F4CD7A}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Tcl/Tk Support (64-bit) (HKLM\...\{A47BAF5B-53CC-4E60-847A-E13CAF26F467}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Test Suite (64-bit) (HKLM\...\{A1B06412-F898-47C9-968F-D3B331ABB202}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Utility Scripts (64-bit) (HKLM\...\{34E72E6D-77E8-4C17-99B8-42497B7308C8}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.21277 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

SNOW (HKLM\...\Steam App 244930) (Version: - Poppermost Productions)

Software Updater (HKLM-x32\...\{C465AB7A-CF61-4648-86E4-7A29BFF2F3A9}) (Version: 4.3.5 - SEIKO EPSON CORPORATION)

Spotify (HKCU\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1208 - SUPERAntiSpyware.com)

swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)

VCarve Desktop 8.0 (HKLM\...\VCarve Desktop) (Version: 8.0 - Vectric)

Vectric Shell Extensions 1.2 (HKLM-x32\...\VectricThumbnailShellExt) (Version: - Vectric)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)

Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)

Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)

Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden

Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.19.43 - Webroot)

Windows Store Gift Card Promo (HKLM-x32\...\{FF74AA30-FF56-4197-8B64-5D63F367BC02}) (Version: 1.0.0.1 - Microsoft Corporation)

YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.) Hidden

YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.) Hidden

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 37%

Total physical RAM: 8112.41 MB

Available physical RAM: 5097.83 MB

Total Virtual: 10772.94 MB

Available Virtual: 6848.29 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:917.37 GB) (Free:811.36 GB) NTFS

2 Drive d: (RECOVERY) (Fixed) (Total:12.84 GB) (Free:1.56 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP-NAE5VQN

Administrator Bob DefaultAccount

Guest WDAGUtilityAccount

========================= Restore Points ==================================

14-02-2018 16:24:25 Windows Update

24-02-2018 15:00:42 Scheduled Checkpoint

**** End of log ****

Malwarebytes

www.malwarebytes.com

-Log Details-

Scan Date: 3/11/18

Scan Time: 10:27 AM

Log File: 836151fa-2551-11e8-9641-dc4a3ea76203.json

Administrator: Yes

-Software Information-

Version: 3.4.4.2398

Components Version: 1.0.322

Update Package Version: 1.0.4302

License: Trial

-System Information-

OS: Windows 10 (Build 16299.248)

CPU: x64

File System: NTFS

User: DESKTOP-NAE5VQN\Bob

-Scan Summary-

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 318042

Threats Detected: 0

(No malicious items detected)

Threats Quarantined: 0

(No malicious items detected)

Time Elapsed: 4 min, 18 sec

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

-Scan Details-

Process: 0

(No malicious items detected)

Module: 0

(No malicious items detected)

Registry Key: 0

(No malicious items detected)

Registry Value: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Data Stream: 0

(No malicious items detected)

Folder: 0

(No malicious items detected)

File: 0

(No malicious items detected)

Physical Sector: 0

(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.10.3.1001

www.malwarebytes.org

Database version:

main: v2018.03.11.05

rootkit: v2018.03.08.03

Windows 10 x64 NTFS

Internet Explorer 11.248.16299.0

Bob :: DESKTOP-NAE5VQN [administrator]

3/11/2018 10:48:36 AM

mbar-log-2018-03-11 (10-48-36).txt

Scan type: Quick scan

Scan options disabled:

Objects scanned: 218625

Time elapsed: 16 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.10.3.1001

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.248.16299.0

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.592000 GHz

Memory total: 8506474496, free: 4291489792

Downloaded database version: v2018.03.11.05

Downloaded database version: v2018.03.08.03

Downloaded database version: v2018.01.20.01

Initializing...

=======================================

Driver version: 4.3.0.15

------------ Kernel report ------------

03/11/2018 10:48:30

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kd.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\System32\drivers\msrpc.sys

\SystemRoot\System32\drivers\ksecdd.sys

\SystemRoot\System32\drivers\werkernel.sys

\SystemRoot\System32\drivers\CLFS.SYS

\SystemRoot\System32\drivers\tm.sys

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\System32\drivers\FLTMGR.SYS

\SystemRoot\System32\drivers\clipsp.sys

\SystemRoot\System32\drivers\cmimcext.sys

\SystemRoot\System32\drivers\ntosext.sys

\SystemRoot\system32\CI.dll

\SystemRoot\System32\drivers\cng.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\WppRecorder.sys

\SystemRoot\system32\drivers\SleepStudyHelper.sys

\SystemRoot\System32\Drivers\acpiex.sys

\SystemRoot\System32\drivers\ACPI.sys

\SystemRoot\System32\drivers\WMILIB.SYS

\SystemRoot\System32\drivers\msisadrv.sys

\SystemRoot\System32\drivers\pci.sys

\SystemRoot\System32\drivers\tpm.sys

\SystemRoot\System32\drivers\intelpep.sys

\SystemRoot\system32\drivers\WindowsTrustedRT.sys

\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\pdc.sys

\SystemRoot\system32\drivers\CEA.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\System32\drivers\spaceport.sys

\SystemRoot\System32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\System32\drivers\iaStorA.sys

\SystemRoot\System32\drivers\storport.sys

\SystemRoot\System32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Wof.sys

\SystemRoot\System32\drivers\WRkrn.sys

\SystemRoot\System32\drivers\NETIO.SYS

\SystemRoot\System32\drivers\NDIS.SYS

\SystemRoot\System32\drivers\TDI.SYS

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\System32\Drivers\NTFS.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\wfplwfs.sys

\SystemRoot\system32\DRIVERS\hpdskflt.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\System32\drivers\volume.sys

\SystemRoot\System32\drivers\volsnap.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\system32\drivers\iorate.sys

\SystemRoot\System32\drivers\disk.sys

\SystemRoot\System32\drivers\CLASSPNP.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\drivers\cdrom.sys

\SystemRoot\system32\drivers\filecrypt.sys

\SystemRoot\system32\drivers\tbs.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\BasicDisplay.sys

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\vmbkmclr.sys

\SystemRoot\System32\drivers\BasicRender.sys

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\drivers\vwififlt.sys

\SystemRoot\System32\drivers\pacer.sys

\SystemRoot\system32\drivers\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\drivers\npsvctrig.sys

\SystemRoot\System32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\gpuenergydrv.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\drivers\bam.sys

\SystemRoot\system32\DRIVERS\ahcache.sys

\SystemRoot\System32\drivers\tap0901.sys

\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_9c1fb8f4db31c348\CompositeBus.sys

\SystemRoot\System32\drivers\usb3Hub.sys

\SystemRoot\System32\drivers\USBD.SYS

\SystemRoot\System32\drivers\kdnic.sys

\SystemRoot\System32\drivers\umbus.sys

\SystemRoot\System32\drivers\CAD.sys

\SystemRoot\System32\DriverStore\FileRepository\ki125121.inf_amd64_26ca8ba649abc040\igdkmd64.sys

\SystemRoot\System32\drivers\dptf_cpu.sys

\SystemRoot\System32\drivers\USBXHCI.SYS

\SystemRoot\system32\drivers\ucx01000.sys

\SystemRoot\System32\drivers\iaLPSS2i_I2C.sys

\SystemRoot\system32\drivers\SpbCx.sys

\SystemRoot\System32\drivers\TeeDriverW8x64.sys

\SystemRoot\System32\DriverStore\FileRepository\nvhm.inf_amd64_c8a41364c1b3daa8\nvlddmkm.sys

\SystemRoot\system32\DRIVERS\Netwtw04.sys

\SystemRoot\system32\DRIVERS\wdiwifi.sys

\SystemRoot\System32\drivers\vwifibus.sys

\SystemRoot\System32\drivers\rt640x64.sys

\SystemRoot\system32\DRIVERS\RtsPer.sys

\SystemRoot\System32\drivers\CmBatt.sys

\SystemRoot\System32\drivers\BATTC.SYS

\SystemRoot\System32\drivers\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\kbdclass.sys

\SystemRoot\System32\drivers\msgpiowin32.sys

\SystemRoot\System32\drivers\mshidkmdf.sys

\SystemRoot\System32\drivers\HIDCLASS.SYS

\SystemRoot\System32\drivers\VirtualButtons.sys

\SystemRoot\System32\drivers\dptf_acpi.sys

\SystemRoot\System32\drivers\mouclass.sys

\SystemRoot\System32\drivers\HDAudBus.sys

\SystemRoot\System32\drivers\portcls.sys

\SystemRoot\System32\drivers\drmk.sys

\SystemRoot\System32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys

\SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys

\SystemRoot\System32\Drivers\msgpioclx.sys

\SystemRoot\System32\drivers\wmiacpi.sys

\SystemRoot\System32\drivers\intelppm.sys

\SystemRoot\System32\drivers\acpipagr.sys

\SystemRoot\System32\drivers\WirelessButtonDriver64.sys

\SystemRoot\system32\DRIVERS\Accelerometer.sys

\SystemRoot\System32\drivers\UEFI.sys

\SystemRoot\system32\drivers\nvvad64v.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\System32\drivers\nvvhci.sys

\SystemRoot\System32\drivers\NdisVirtualBus.sys

\SystemRoot\system32\DRIVERS\serscan.sys

\SystemRoot\System32\drivers\swenum.sys

\SystemRoot\system32\drivers\LGBusEnum.sys

\SystemRoot\system32\drivers\LGJoyXlCore.sys

\SystemRoot\System32\drivers\rdpbus.sys

\SystemRoot\system32\DRIVERS\clwvd.sys

\SystemRoot\System32\drivers\kbdhid.sys

\SystemRoot\System32\drivers\UsbHub3.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\drivers\hidi2c.sys

\SystemRoot\System32\drivers\hidusb.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\win32kfull.sys

\SystemRoot\System32\win32kbase.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_iaStorA.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\drivers\dxgmms2.sys

\SystemRoot\System32\drivers\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\system32\DRIVERS\esif_lf.sys

\SystemRoot\System32\drivers\WUDFRd.sys

\SystemRoot\system32\drivers\mmcss.sys

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\wcifs.sys

\SystemRoot\system32\drivers\cldflt.sys

\SystemRoot\system32\drivers\storqosflt.sys

\SystemRoot\system32\drivers\lltdio.sys

\SystemRoot\system32\drivers\mslldp.sys

\SystemRoot\system32\drivers\rspndr.sys

\SystemRoot\System32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\ndisuio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\??\C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys

\SystemRoot\system32\drivers\Ndu.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\drivers\condrv.sys

\SystemRoot\System32\drivers\rassstp.sys

\SystemRoot\System32\DRIVERS\NDProxy.sys

\SystemRoot\System32\drivers\AgileVpn.sys

\SystemRoot\System32\drivers\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ibtusb.sys

\SystemRoot\System32\drivers\BTHUSB.sys

\SystemRoot\System32\drivers\bthport.sys

\SystemRoot\System32\drivers\raspptp.sys

\SystemRoot\System32\DRIVERS\raspppoe.sys

\SystemRoot\System32\DRIVERS\ndistapi.sys

\SystemRoot\System32\drivers\ndiswan.sys

\??\C:\Windows\system32\DRIVERS\wrUrlFlt.sys

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\drivers\tunnel.sys

\SystemRoot\System32\drivers\asyncmac.sys

\SystemRoot\System32\drivers\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\System32\drivers\vwifimp.sys

\SystemRoot\System32\Drivers\mbamswissarmy.sys

\SystemRoot\System32\Drivers\MbamChameleon.sys

\??\C:\WINDOWS\system32\drivers\mbae64.sys

\SystemRoot\system32\DRIVERS\mbam.sys

\SystemRoot\system32\DRIVERS\farflt.sys

\SystemRoot\system32\DRIVERS\mwac.sys

\??\C:\WINDOWS\system32\drivers\1252FFAC.sys

----------- End -----------

Done!

Scan started

Database versions:

main: v2018.03.11.05

rootkit: v2018.03.08.03

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffe5809688e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffe580968909d0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffe5809688e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffe580945dab10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\

DevicePointer: 0xffffe5809210e160, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xffffe5809208d380, DeviceName: \Device\00000041\, DriverName: \Driver\iaStorA\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

Done!

Drive 0

This is a System drive

Scanning MBR on drive 0...

Inspecting partition table:

This drive is a GPT Drive.

MBR Signature: 55AA

Disk Signature: A50E1C7D

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)

Partition is NOT ACTIVE.

Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254

GPT Header Revision 65536 Size 92 CRC 3051119426

GPT Header CurrentLba = 1 BackupLba 1953525167

GPT Header FirstUsableLba 34 LastUsableLba 1953525134

GPT Header Guid 710cc55a-fa43-4ae3-8020-39fb76597949

GPT Header Contains 128 partition entries starting at LBA 2

GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254

Backup GPT header Revision 65536 Size 92 CRC 3051119426

Backup GPT header CurrentLba = 1953525167 BackupLba 1

Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134

Backup GPT header Guid 710cc55a-fa43-4ae3-8020-39fb76597949

Backup GPT header Contains 128 partition entries starting at LBA 1953525135

Backup GPT header Partition entry size = 128

Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b

Partition ID 182e0b98-d5fe-45e2-9196-601d35f289d7

FirstLBA 2048 Last LBA 534527

Attributes 0

Partition Name EFI system partition

GPT Partition 0 is bootable

Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae

Partition ID 648e88db-80e6-45bc-8294-c65469d3dcd

FirstLBA 534528 Last LBA 796671

Attributes 0

Partition Name Microsoft reserved partition

Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7

Partition ID 243625c0-c1db-412f-8445-2d26d999e3f4

FirstLBA 796672 Last LBA 1924662312

Attributes 0

Partition Name Basic data partition

Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

Partition ID 3fd0fd97-2ee1-47d2-8b2-80759d7e45b8

FirstLBA 1924663296 Last LBA 1926592511

Attributes 1

Partition Name

Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

Partition ID 731c1292-15af-4306-975b-192e339fc32

FirstLBA 1926592512 Last LBA 1953517567

Attributes 1

Partition Name Basic data partition

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Done!

File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)

File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)

File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)

File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)

File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)

File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)

File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)

File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)

File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)

File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)

File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)

File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)

File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll" is sparse (flags = 32768)

File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)

File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)

File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)

File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)

File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)

File "C:\Windows\System32\msIso.dll" is sparse (flags = 32768)

File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)

File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)

File "C:\Windows\System32\cldapi.dll" is sparse (flags = 32768)

File "C:\Windows\System32\aepic.dll" is sparse (flags = 32768)

File "C:\Windows\System32\TEXTINPUTFRAMEWORK.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)

File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\WINDOWS.STATEREPOSITORYPS.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)

File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)

File "C:\Windows\System32\services.exe" is sparse (flags = 32768)

File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)

File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll" is sparse (flags = 32768)

File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)

File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)

File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)

File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)

File "C:\Windows\System32\msxml3.dll" is sparse (flags = 32768)

File "C:\Windows\System32\SECURITYHEALTHSERVICE.EXE" is sparse (flags = 32768)

File "C:\Windows\System32\AcSpecfc.dll" is sparse (flags = 32768)

File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)

File "C:\Windows\System32\wbem\WmiPrvSE.exe" is sparse (flags = 32768)

File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)

File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7a53e85a72080284c5b5cd703dd282cb\MSCORLIB.NI.DLL" is sparse (flags = 32768)

File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\dd89797400d103abfcfdd7e6c1829dd1\System.ni.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\02e82312466db461bbcee5eaaa859429\System.ServiceProcess.ni.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\95adebdc7528e7a8e4ae9685b1600f38\System.Core.ni.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\09559970909d096bffb1f8eb605cddfb\System.Configuration.ni.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\f2a690c7f588336efbc341feb9c9822b\System.Xml.ni.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\86e7f970990faeef3b43b9e8f78222c2\System.Management.ni.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\9f581d4f9a23ed029b2f448ad019f156\System.ServiceModel.ni.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\467b677caf704af4edc117e4e717ba8c\System.ServiceModel.Internals.ni.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d67e57958f1c1b935df0426f959ed92b\SMDiagnostics.ni.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\a6af07eb12ad728d7433ba41209a786d\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\f8025f152ecd6f7b046c136849bf717d\System.IdentityModel.ni.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\ab96d3e2a54bf99e8e108c02ab2f0d05\System.Data.ni.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\ae463c8f9567c79be370b9aff56aa2e3\System.Configuration.Install.ni.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ba23d79855fdf2077add750094bcd0f9\System.Drawing.ni.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7071684e37550c616cba4f2c995a6b01\System.Windows.Forms.ni.dll" is sparse (flags = 32768)

File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\abbb4d6643c6ee09c0d53aa8b43ab92c\System.Numerics.ni.dll" is sparse (flags = 32768)

File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)

File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)

File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)

File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)

File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.248_none_5d7c08dba7db7edd\comctl32.dll" is sparse (flags = 32768)

File "C:\Windows\explorer.exe" is sparse (flags = 32768)

File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)

File "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" is sparse (flags = 32768)

File "C:\Windows\System32\AcLayers.dll" is sparse (flags = 32768)

File "C:\Windows\System32\wmp.dll" is sparse (flags = 32768)

File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)

File "C:\Windows\System32\wdmaud.drv" is sparse (flags = 32768)

File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)

File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)

File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\AcGenral.dll" is sparse (flags = 32768)

File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)

File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)

File "C:\Windows\System32\davclnt.dll" is sparse (flags = 32768)

File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\STRUCTUREDQUERY.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)

File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)

File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)

File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)

File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\bam.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\cldflt.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)

File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)

File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\netvsc.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)

File "C:\Windows\System32\Spectrum.exe" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)

File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)

File "C:\Windows\System32\drivers\winnat.sys" is sparse (flags = 32768)

File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\NATURALAUTH.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)

File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)

File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)

File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)

File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)

File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)

File "C:\Windows\System32\CAPABILITYACCESSMANAGER.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)

File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\dusmsvc.dll" is sparse (flags = 32768)

File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)

File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)

File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\INSTALLSERVICE.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)

File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)

File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)

File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)

File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)

File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)

File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)

File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\PUSHTOINSTALL.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)

File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)

File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)

File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)

File "C:\Windows\System32\SEMgrSvc.dll" is sparse (flags = 32768)

File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)

File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)

File "C:\Windows\System32\TOKENBROKER.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)

File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)

File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)

File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)

File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)

File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)

File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)

File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)

File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)

File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)

File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)

File "C:\Users\Bob\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)

File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)

Scan finished

=======================================

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...

Removal finished

Rkill 2.9.1 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/11/2018 11:11:24 AM in x64 mode.

Windows Version: Windows 10 Home

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Bob\AppData\Local\Temp\ocrB91B.tmp\bin\rubyw.exe (PID: 16616) [UP-HEUR]

* C:\Users\Bob\AppData\Local\Temp\ocrF98F.tmp\bin\rubyw.exe (PID: 12044) [UP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware" = dword:00000001

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 03/11/2018 11:13:16 AM

Execution time: 0 hours(s), 1 minute(s), and 52 seconds(s)

#4 Broni

The Coolest BC Computer

BC Advisor
42,699 posts
OFFLINE

Gender:Male
Location:Daly City, CA
Local time:09:27 PM

Posted 11 March 2018 - 02:48 PM

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
The tool will start to update the database if one is required.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Logfile button.
A window will open which lists the logs of your scans.
Click on the Scan tab.
Double-click the most recent scan which will be at the top of the list....the log will appear.
Review the results...see note below
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click

#5 rpm4178

Topic Starter

Members
8 posts
OFFLINE

Local time:09:27 PM

Posted 11 March 2018 - 05:33 PM

Getting user folders.

Stopping running processes.

Emptying Temp folders.

User: All Users

User: Bob

->Temp folder emptied: 10551156 bytes

->Temporary Internet Files folder emptied: 1037295 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 426934206 bytes

->Flash cache emptied: 566 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 23534632 bytes

%systemroot%\System32 .tmp files removed: 870596488 bytes

%systemroot%\System32 (64bit) .tmp files removed: 1079568808 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2617048 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 719 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 3308634 bytes

Process complete!

Total Files Cleaned = 2,306.00 mb

# AdwCleaner 7.0.8.0 - Logfile created on Sun Mar 11 20:39:34 2018

# Updated on 2018/08/02 by Malwarebytes

# Database: 2018-03-08.1

# Running on Windows 10 Home (X64)

# Mode: scan

# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1193 B] - [2016/10/31 4:51:51]

C:/AdwCleaner/AdwCleaner[S0].txt - [1293 B] - [2016/10/31 4:51:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

The Sophos tool ran without detecting any threats. I couldn't find a log file.

#6 Broni

The Coolest BC Computer

BC Advisor
42,699 posts
OFFLINE

Gender:Male
Location:Daly City, CA
Local time:09:27 PM

Posted 11 March 2018 - 06:03 PM

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

11. Please, let me know, how your computer is doing.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click

#7 rpm4178

Topic Starter

Members
8 posts
OFFLINE

Local time:09:27 PM

Posted 11 March 2018 - 11:07 PM

The Malwarebytes scans and Sophos didn't turn up any malware so I guess the issues that i am having with Chrome are caused by some other issue, but it is good to know that there aren't any viruses or rootkits lurking in my system. I've had this laptop for a a fewhis was definitely a good exercise to go through.

Unfortunately, Secunia PSI is no longer available. Their website now points to flexera.com so they may have gotten acquired.

I'll definitely review those malware avoidance materials on Bleeping Computer.

#8 Broni

The Coolest BC Computer

BC Advisor
42,699 posts
OFFLINE

Gender:Male
Location:Daly City, CA
Local time:09:27 PM

Posted 12 March 2018 - 05:46 PM

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Close all Chrome windows and tabs.
Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.

Install fresh copy.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click

#9 rpm4178

Topic Starter

Members
8 posts
OFFLINE

Local time:09:27 PM

Posted 13 March 2018 - 10:50 AM

I did uninstall/reinstall Chrome this morning, and although I did not delete my Chrome profile, it seems to have alleviated the high CPU usage problem. I will keep an eye on it and if the problem reoccurs, I will follow this procedure.